Biometric key generation for secure storage

ABSTRACT

A method and apparatus for the generation and use of a biometric cryptographic key to secure and retrieve data that involves combining a random key and the biometric information to generate a template, such that the cryptographic key needed to retrieve the data cannot be obtained from the combination unless the identical user submits his or her biometric information during a subsequent biometric scan at which time the cryptographic key is generated from a combination of the stored template and the scan, allowing the secured data to be released and/or decrypted. Thus, if the system containing the secured data were compromised it would be virtually impossible to decrypt the data because not enough information resides on the system to re-construct the cryptographic key.

FIELD OF THE INVENTION

[0001] The present invention relates to cryptographic keys derived frombiometric information for use in securely storing data and morespecifically, to the generation and use of a cryptographic biometric keythat cannot be derived from information stored with the secured data.

BACKGROUND OF THE INVENTION

[0002] As society increases its reliance on digital storage for vitalinformation, the need to control who has access to such informationbecomes more critical. Numerous systems currently exist that control whocan and cannot access information. An example of such a system is an ATMmachine, in which an account holder accesses his or her informationusing, in combination, a magnetically encoded card and a personalidentification number (PIN). In cases where the information isparticularly sensitive, such as for the national defense, other means ofsecuring and controlling information involve mechanically or opticallyscanning, or otherwise sampling, a unique aspect of a user's physiology.Examples of such aspects include a user's voice, fingerprint, face,iris, or retina. Typically, such systems operate by performing a scan ofthe physiological characteristic of the user and, from this scan,creating a template of the biometric information which is stored inmemory on the same machine on which the data is stored. For anadditional layer of security the data may be encrypted using thecryptographic key to encrypt and decrypt the stored data. The biometricinformation in such systems is used to decide whether the user can usethe cryptographic key. Once the user is authenticated, he or she maythen access the information that they have been designated to access,using the cryptographic key to release and, if applicable, decrypt thedata.

[0003] The process for performing the scan of the physiologicalcharacteristic of the user is generally referred to as a registrationphase. Referring to FIG. 1(a), in the registration phase of existingsystems that control access to data using biometrics, some aspect of theuser 10 is scanned by a biometric scanner 12. The output of the scanneris then presented to a security device 14 along with the data to besecured 16. The scan of the user is secured inside the secure device 14in a template 18 and the data to be secured is stored in a data storagedevice 20.

[0004] As shown in FIG. 1(b), when the data is to be retrieved, the user10 is scanned again by the biometric scanner 12 and the output of thescan is compared to the value stored in the template 18 by a comparisondevice 22. The nature of biometric scan, prevents the comparison frombeing exact and the comparison device 22 must allow for differencesbetween the new scan and the stored template 20 up to some thresholderror level. If the new scan is close enough to the template, the accesscontrol system 24 allows the data in the data store 22 to be accessed.

[0005] In existing systems that use biometric information to controlaccess to data, the biometric template and the encrypted data aretypically stored on the same device, such as the secure device 14 shownin FIGS. 1(a) and 1(b). Data, encrypted or otherwise, in such a systemis vulnerable to attacks from unauthorized users. If the systemcontaining the data and biometric template is compromised, access couldbe gained to the biometric templates, and the templates could then beused to obtain access to the secured data whether or not it isencrypted.

[0006] It is therefore a principal object of the present invention toprovide a truly secure system for storing and retrieving data in whichthe cryptographic key is stored separately from the secured data.

[0007] It is a further object of the present invention to provide asecure system for storing and retrieving data in which the cryptographickey is derived from a biometric scan.

SUMMARY OF THE INVENTION

[0008] The present invention provides an apparatus and method for thegeneration and use of a random cryptographic key derived from a user'sbiometric information to secure and retrieve data using such randomcryptographic key. At the time the data is stored a template isgenerated from the random cryptographic key and a biometric scan of theuser and the random cryptographic key is used to encrypt the data. Whenretrieving the secured data, the random cryptographic key is regeneratedfrom the stored template when the identical user submits his or herbiometric information during a subsequent biometric scan therebyallowing the secured data to be accessed, and decrypted, if appropriate.Thus, if the system containing the secured data were compromised itwould be virtually impossible to access or decrypt the data because notenough information resides on the system to re-construct thecryptographic random key.

[0009] These and other features and functions of the present inventionwill be more fully understood from the following detailed descriptionwhich shall be read in light of the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010]FIG. 1(a) is a block diagram of the registration phase of a priorart secure storage system.

[0011]FIG. 1(b) is a block diagram of the retrieval phase of a prior artsecure storage system.

[0012]FIG. 2(a) is a block diagram of the registration phase of thesecure storage system of the present invention.

[0013]FIG. 2(b) is a block diagram of the retrieval phase of the securestorage system shown in FIG. 2(a).

[0014]FIG. 3(a) is a block diagram of the registration phase of analternate embodiment of the secure storage system of the presentinvention.

[0015]FIG. 3(b) is a block diagram of the retrieval phase of the securestorage system shown in FIG. 3(a).

[0016]FIG. 4 is a flow chart illustrating the registration stage of themethod of the present invention.

[0017]FIG. 5 is a flow chart of retrieval stage of the method shown inFIG. 4.

[0018]FIG. 6 is a flow chart of the registration stage of an alternateembodiment of the present invention.

[0019]FIG. 7 is a flow chart of the retrieval stage of the alternateembodiment of the present invention shown in FIG. 6.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0020] The present invention is a method and apparatus for thegeneration and use of a template derived from a user's biometricinformation and a random cryptographic key to secure and retrieve data,such that the random cryptographic key cannot be obtained to retrievethe data unless the identical user submits his or her biometricinformation during a subsequent biometric scan at which time the randomcryptographic key is regenerated, allowing the secured data to beaccessed and, if appropriate, decrypted.

[0021] Referring to FIGS. 2a and 4, in the registration stage, abiometric scanning device 32 scans some physiological aspect of a user30, such as the user's fingerprint, iris, face, retina or voice togenerate biometric scan data. In the preferred embodiment, an iris scanis used, but other biometric scanning techniques will be equallyeffective provided that the matching parameter used by such biometricscanning device 32 is the hamming distance between the processed scanand the template. Suitable iris scanning devices 32 can be obtained fromIriscan Inc. of Marlton, N.J. The biometric scan data is processed bythe biometric scanning device 32 and the biometric scan data is providedto secure system 34 in step 300. At about the same time the biometricinformation is received, a random number generator 36 in the securesystem 34 generates a random cryptographic key in step 305. In thepreferred embodiment the random number generator 36 is a hardware randomnumber generator, generally referred to as a True Random NumberGenerator. In step 310, the bit length of the random cryptographic keyand the bit length of the biometric scan data are fetched by thebiometric scanner 32. If the random cryptographic key is not the samelength as the biometric scan data, the random cryptographic key ispadded in step 315 and in step 320, an error correction code 42 (“ECC”)is added, so that the combination of the random cryptographic key, thepadding and the error correction code has a bit length equal to the bitlength of biometric scan data. The ECC is proportional to the length ofthe data being corrected and in a preferred embodiment the bits addedfor padding are random valves.

[0022] The error correction code is chosen with certain specificproperties. In particular, the error correction code must be able todetect and correct exactly the same number of erroneous bits as athreshold hamming distance used by the biometric scanner 32. (Thehamming distance between two data streams is the number of correspondingbits in the two streams that are different). The hamming distance isdependent on the exact biometric scheme chosen, the level of certaintythat the system is looking at the right user (“the false accept rate”)and the tolerance for refusing access to users own data (“the falsereject rate”). The shorter the hamming distance the lower the falseaccept rate and the higher the false reject rate. For the iris scansystem used in a preferred embodiment of the present invention, adistance of about 30% of the number of bits being compared is thepreferred distance, but obviously other hamming distances can be used aswell. The ECC is chosen based on the desired threshold. The errorcorrection software can be used to work with any biometric scheme. Anycommonly used class of error correction codes can be used. One suitabletype are the Reed-Solomon codes. An error correction code is requiredbecause biometric scanning processes generally cannot maintain perfectfidelity between successive scans. The error correction code allows thevariability between successive biometric scans to be accounted for andto ensure that if the user is the correct user, the similarity of thetwo biometric scans will be within a predetermined threshold, and assuch, be able to regenerate the correct cryptographic key.

[0023] The random cryptographic key, padding and error correction codeare combined with the biometric scan data using a reversible operation38 such as an exclusive OR operation in step 340. The result of theoperation 38 is then stored as a template 40 for future use. The data 48is input to the secure system 34 in step 330 and it is secured andgenerally encrypted using the random number generated by random numbergenerator 36. The random value is used as the key and the data to beprotected is presented to the encryption function as the data. Any“symmetric” cipher can be used as the encryption function and the USData Encryption Standard which is a triple key mode (3-DES, NIST FIPS46-3) or the forthcoming US advanced encryption standard (AES, NIST, noFIPS number as it is still in draft form) could be used. The encrypteddata is stored in a data storage device 46 in step 335.

[0024] Referring to FIGS. 2(b) and 5, the method for retrieving thesecured data will now be described. When the user 30 wants to retrievesecured data, the same physiological aspect that the user used to securethe data is scanned in step 500 by the biometric scanner 32. In step505, the template 40 is retrieved.

[0025] In step 510, the template 40 and biometric scan data areprocessed by the same reversible operation 38 that was used to securethe data (i.e., in the preferred embodiment, an exclusive OR operation).The result of the reversible operation 38 is passed through the errorcorrection code checker, in step 515. The user is determined in step 520to be the same person who created the key if the hamming distancebetween the original scan and the current scan is less than apredetermined threshold. If the user is a different user or anunauthorized user then the difference will be too large to correct andthe ECC checker will fail to deliver the correct random cryptographickey and a key construction failure will be generated in step 525. If theuser is the correct user, in step 530 the data can be accessed and thecorrect random cryptographic key is generated to decrypt, the data inthe database.

[0026] Referring to FIGS. 3(a) and 6, an alternate embodiment of thepresent invention is shown in which the random cryptographic key is notused directly to secure, encrypt and decrypt the data, but instead ispassed through a hash function and the result is then used to secure,encrypt and decrypt the data. In this embodiment, during theregistration stage the biometric scanner 32 scans some physiologicalcharacteristic of the user 30. The scanned biometric data 33 is receivedby the system in step 300. At or about the same time the biometric data33 is received, a random number generator generates, in step 305, arandom number 36. The bit length of the random number 36 when combinedwith the error correction code 42 is equal to the bit length of thebiometric scan data. The error correction code 42 is selected using thecriteria describe above with respect to the embodiment shown in FIG.2(a). The random number 36 is then passed through a hash function 70 tocreate the random cryptographic key that is used in step 330 to secureand/or encrypt data 44 that was input by the user, in step 325. In apreferred embodiment, the hash function used is an implementation of theUS Secure Hash Standard (SHS, NIST FIPS-180). Other strong cryptographichash functions can also be used. The encrypted data is then stored in adata store 46 in step 335. The cryptographic key is also combined withthe user's biometric information by a reversible operation 38 (such asan exclusive OR operation) in step 340. The result is then stored as atemplate 40 for future use in step 345.

[0027] Referring now to FIGS. 3(b) and 7 the retrieval phase of thisalternate embodiment will now be described. The biometric scan data 33generated by the biometric scanner 32 is combined by the reversibleoperation 38 with the template 40. Again the reversible operation mustbe the same reversible operation used to create the template in FIG.3(a). The results of the reversible operation 38 are passed through anerror correction code checker 42 in step 515 and if the correct randomcryptographic key is reconstructed as determined in step 520, the datastream is passed through the same hash function 70 used in connectionwith encrypting the data in FIG. 3(a) in step 600. The data is thenreleased and/or decrypted in step 530. In another alternate embodimentof the present invention, the result from the hash function could beused as a key for a digital signature scheme for the user when sendinginformation to other users either on the system or outside of thesystem. In a preferred embodiment, an implementation of the US DigitalSignature Standard (DSS, NIST FIPS 186-2) is used.

[0028] Passing the cryptographic key through a hash function before usein the securing, encryption and decryption processes is advantageousbecause any single uncorrected error in the scan will, with highprobability, change a great deal of the random key data. This makes ithighly unlikely that an unauthorized user will generate the correct key.Additionally, using a hash function will make it very hard for such auser to search for similar keys if they expect the difference betweentheir scan and the real user's scan to be small.

[0029] In another embodiment of the present invention, the fact that therandom key is likely to be much shorter than the biometric data is usedto perform a key expansion. The random key can be expanded into a set ofparts. In this embodiment, a number of key sized chunks of random dataare derived so the total is as long as the biometric scan. Exclusive ORoperations are then performed on the random data chunks to make the key.The total size of the bits of random data in such case is long, but theresulting key is short. This process performs essentially the samefunction as the hash function but may be easier to compute. This set ofparts can then have the ECC added and used as described above. When theuser returns to recreate the key all of the data mixed with thebiometric scan data must be close enough to have only correctableerrors. In other words, the hamming distance for the scan must havesufficiently few differences from the stored value that all the correctbits for all the chunks can be retrieved. This makes the system moreresilient when used with biometric scan data that might have somesimilarities between different users.

[0030] The present invention provides a system and a method to securedata on any computing device, not just trusted computing devices. In oneembodiment of the present invention the apparatus and method could beused to secure and, if appropriate, encrypt and decrypt, files on alaptop computer fitted with a biometric scanning device.

[0031] While the foregoing invention has been described with referenceto its preferred embodiments, various alterations or modifications willoccur to those skilled in the art. All such alterations andmodifications are intended to fall within the scope of the appendedclaims.

What is claimed is:
 1. A method for generating security informationusing biometric information, said method comprising the steps of:receiving scan data relating to a person securing data; generating arandom cryptographic key; performing a reversible operation on saidbiometric scan data and said random key to create a template; storingsaid template;
 2. The method for generating security information usingbiometric information of claim 1 further comprising the step of addingan error correction code to said random cryptographic key.
 3. The methodfor generating security information using biometric information of claim2 further comprising the step of adding bits to said biometric scan datafor padding purposes.
 4. The method for generating security informationusing biometric information of claim 1 wherein said reversible operationperformed on said random cryptographic key and said biometric scan datais an exclusive OR operation.
 5. The method for generating securityinformation using biometric information of claim 1 further comprisingthe step of passing said random cryptographic key through a hashfunction to produce a hashed random cryptographic key for encryptingdata to be secured through the use of said hashed random cryptographickey.
 6. A method of retrieving a random cryptographic key originallygenerated using biometric information, said method comprising the stepsof: receiving biometric scan data relating to a person seeking access tothe secured data; combining, through a reversible operation, saidbiometric information with a stored template, to derive said randomcryptographic key.
 7. The method of retrieving a random cryptographickey of claim 6 further comprising the step of passing said derivedrandom cryptographic key through an error correction code checker,wherein said random cryptographic key includes an error correction code.8. The method of retrieving a random cryptographic key of claim 6wherein said reversible operation is an exclusive OR operation.
 9. Themethod of retrieving a random cryptographic key of claim 7 wherein saidderived cryptographic key is passed through a hash function after it isverified by said error correction code checker.
 10. A method securingand unsecuring user data using a biometric cryptographic key, saidmethod comprising the steps of: receiving a first biometric scan dataset relating to a person securing user data; generating a randomcryptographic key; performing a reversible operation on said biometricscan data and random cryptographic key to create a template; storingsaid template; securing the user data through use of said randomcryptographic key; receiving a second biometric scan data set from aperson desiring to retrieve the secured user data; performing saidreversible operation on said template and second biometric scan data setto derive a key; using said derived key to retrieve said secured userdata.
 11. The method of securing and unsecuring data of claim 10 furthercomprising the step of adding an error correction code to said randomcryptographic key prior to performing said reversible operation thatresults in the creation of a template.
 12. The method of securing andunsecuring data of claim 10 further comprising the step of adding bitsto said random cryptographic key prior to performing said reversibleoperation that results in the creation of a template in order to makethe bit length of the random cryptographic key equal to the bit lengthof the first biometric scan data set.
 13. The method of securing andunsecuring data of claim 10 wherein said reversible operation is anexclusive OR operation.
 14. The method of securing and unsecuring dataof claim 10 wherein said random cryptographic key is passed through ahash function before it is used to secure said user data.
 15. The methodof securing and unsecuring data of claim 12 further comprising the stepof stripping said added bits from said derived key prior to using saidderived key to retrieve said secured user data.
 16. A method forsecuring user data using a random cryptographic key, said methodcomprising the steps of: receiving a first biometric scan data setrelating to a person securing user data; generating a randomcryptographic key; performing a reversible operation on said biometricscan data and random key to create a template; storing said template;securing the user data through use of said random cryptographic key. 17.The method for securing user data using a random cryptographic key ofclaim 16 further comprising the step of adding an error correction codeto said random key prior to performing said reversible operation thatresults in the creation of said template.
 18. The method for securinguser data using a random cryptographic key of claim 16 furthercomprising the step of adding bits to said random key prior toperforming said reversible operation that results in the creation ofsaid template in order to make the bit length of the randomcryptographic key equal to the bit length of the first biometric scandata set.
 19. The method for securing user data using a randomcryptographic key of claim 16 wherein said reversible operation is anexclusive OR operation.
 20. The method for securing user data using arandom cryptographic key of claim 16 wherein said random key is passedthrough a hash function before it is used to secure said user data. 21.A method unsecuring data using a random cryptographic key, said methodcomprising the steps of: receiving a biometric scan data set from aperson desiring to retrieve the secured user data; performing areversible operation on a stored template and said biometric scan dataset to derive a key; using said derived key to retrieve said secureddata.
 22. The method of unsecuring data of claim 21 wherein saidreversible operation is an exclusive OR operation.
 23. The method ofunsecuring data of claim 21 further comprising the step of strippingbits from said derived key prior to using said derived key to retrievesaid secured user data.
 24. An apparatus for securing and unsecuringdata through the use of a biometric cryptographic key comprising: abiometric scanner; a secure data system comprising a processor and afirst data store, said processor being programmed to generate a randomkey and for performing reversible operations on biometric scan data setsand said random key to create a template, said processor also securingsaid data from access by unintended parties through the use of saidrandom key; and a second data store for storing said template.